
Various trojans detected!


  • This topic is locked
2 replies to this topic

#1 bungle1979

bungle1979

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 08 August 2009 - 12:49 PM

Hi there..... new to this forum and a bit of a beginner with anything advanced to do with computers.... hope I've done everything right in posting - apologies if not.

Since about lunchtime today, every time I boot up my laptop, I get about 30+ messages from Avira about various trojans found on my system, all with different names. For some reason I can't run Spybot or Malwarebytes in either normal or safe mode. Ad-Aware found a trojan when I ran it in safe mode (which it removed ok) but it hasn't made a difference. Apologies for the vagueness of the details but there's been so many pop up... all the files it finds seem to start with UAC though, I'm not sure whether that's helpful or not.

I noticed earlier that there was a b.exe file in my startup menu, which I deselected... and there is an 'advertisement services' on my list of programs.

Just had a message come up whilst running the dds program about fi.exe being corrupt... not sure whether that's relevant?

Any help/advice will be much appreciated.

DDS (Ver_09-07-30.01) - NTFSx86
Run by David at 18:30:11.87 on 08/08/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.893.80 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\msb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Users\David\AppData\Local\Temp\b.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\David\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.co.uk/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PriceFinderObj Class: {969b7e24-7f4d-4bd1-bc22-0e7e1e37f49b} - c:\program files\pricefriend\IEPriceFinder.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Monopod] c:\users\david\appdata\local\temp\b.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TOSHIBA Volume Indicator] "c:\program files\toshiba\utilities\VolControl.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [O2Start] c:\program files\o2cm-ce\o2 connection manager\tscui.exe /s
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\digigu~1.lnk - c:\program files\digiguide tv guide\client.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\mbam.lnk - c:\program files\malwarebytes' anti-malware\mbam.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Microsoft Office.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-8 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-8 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
RUnknown ubih;ubih; [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-2-27 1153368]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-8-7 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-8 38160]

=============== Created Last 30 ================

2009-08-08 17:35 <DIR> --d----- c:\users\david\appdata\roaming\Malwarebytes
2009-08-08 17:28 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-08 16:11 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 16:11 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-08 16:11 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-08 16:11 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-08 16:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 15:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-08 15:00 151,040 a------- c:\windows\msb.exe
2009-08-08 13:18 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 13:18 <DIR> --d----- c:\programdata\Avira
2009-08-08 13:18 <DIR> --d----- c:\program files\Avira
2009-08-08 13:18 <DIR> --d----- c:\progra~2\Avira
2009-08-08 13:11 <DIR> --d----- C:\b47ab97eef4dd8b33f6b47bcb3
2009-08-08 12:09 151,040 a------- c:\windows\msa.exe
2009-08-07 21:00 <DIR> --d----- c:\users\david\Tracing
2009-08-07 20:43 55,280 a------- c:\windows\system32\drivers\fssfltr.sys
2009-08-07 20:38 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-08-07 20:36 <DIR> --d----- c:\program files\Microsoft
2009-08-07 20:35 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-07 20:07 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-07 20:01 <DIR> --d----- c:\programdata\NOS
2009-08-05 00:46 <DIR> --d----- c:\users\david\appdata\roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-08-05 00:46 <DIR> --d----- c:\program files\BBC iPlayer Desktop
2009-07-26 04:33 94,677,857 a------- c:\users\david\Stereo-Typical-_A_s__B_s_and_Rarities_Disc_2.zip
2009-07-26 04:33 89,354,618 a------- c:\users\david\Stereo-Typical-_A_s__B_s_and_Rarities_Disc_1.zip
2009-07-26 04:33 86,161,707 a------- c:\users\david\Stereo-Typical-_A_s__B_s_and_Rarities_Disc_3.zip
2009-07-15 04:41 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 04:41 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 04:41 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 04:41 23,552 a------- c:\windows\system32\lpk.dll
2009-07-15 04:41 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-09 23:19 <DIR> --d----- c:\users\david\appdata\roaming\Sports Interactive
2009-07-09 23:18 <DIR> --d----- c:\programdata\Sports Interactive
2009-07-09 23:18 <DIR> --d----- c:\progra~2\Sports Interactive
2009-07-09 23:16 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-07-09 23:16 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-07-09 23:16 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-07-09 23:16 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-07-09 23:16 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-07-09 23:16 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-07-09 23:16 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-07-09 23:16 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-07-09 23:16 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-07-09 23:16 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-07-09 23:16 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-07-09 23:16 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-07-09 23:01 <DIR> --d----- c:\windows\system32\directx
2009-07-09 22:59 <DIR> --d-h--- c:\program files\Zero G Registry
2009-07-09 22:57 <DIR> --d-h--- c:\users\david\InstallAnywhere
2009-07-09 22:30 <DIR> --d----- c:\program files\GameShadow

==================== Find3M ====================

2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-03 12:21 51,200 a------- c:\windows\inf\infpub.dat
2009-07-03 12:21 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-03 12:21 86,016 a------- c:\windows\inf\infstor.dat
2009-05-29 21:12 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-28 00:19 24,224,819 a------- c:\users\david\cate-set2-bg.zip
2009-04-28 00:19 12,914,270 a------- c:\users\david\cate-set4-bg.zip
2009-04-28 00:18 21,038,847 a------- c:\users\david\cate-set8-bg.zip
2009-04-28 00:17 27,146,566 a------- c:\users\david\cate-set9-bg.zip
2008-10-20 17:18 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:41:46.04 ===============

Edited by bungle1979, 08 August 2009 - 12:50 PM.

#2 bungle1979

bungle1979
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 11 August 2009 - 02:33 PM

Hi - mods - please close.

Think I have fixed it.

Apologies if I wasted anyone's time.

Keep up the good work!

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:25 PM

Posted 13 August 2009 - 04:33 PM

Hello

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
